From 47300bed75ade1060bd593f54c7dd3e4330eea86 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Mon, 17 Jun 2019 10:15:07 -0700
Subject: [PATCH] s3: smbd: Ensure unbecome_root() doesn't call chdir()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14000

Signed-off-by: Jeremy Allison
---
 source3/smbd/uid.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index a4bcb747d37..1cab2dfc0f5 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -621,6 +621,27 @@ void smbd_become_root(void)
 void smbd_unbecome_root(void)
 {
 pop_sec_ctx();
+ /*
+ * We need this uglyness as become_root()/unbecome_root()
+ * pairs should only change credentials, and *NOT* change
+ * the current working directory. This is the case for
+ * all callers in smbd.
+
+ * If code inside become_root()/unbecome_root() pairs
+ * changes $cwd, it *must* restore it and check for
+ * the restored path being safely under the share after
+ * doing so.
+ */
+
+ /*
+ * Set current_user.done_chdir to false so pop_conn_ctx()
+ * never calls chdir() from unbecome_root().
+ *
+ * pop_conn_ctx() overwrites this with the contents of
+ * the previous connection context stack entry so we
+ * don't need to save it.
+ */
+ current_user.done_chdir = false;
 pop_conn_ctx();
 }
-- 
2.22.0.410.gd8fdbe21b5-goog
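Review bot: The rule in the first added comment (code inside a become_root()/unbecome_root() pair that changes $cwd must restore it and re-check that the path is under the share) is stated in smbd_unbecome_root() but nothing here enforces or detects a violation. Going by the second comment, once `current_user.done_chdir = false;` is forced, pop_conn_ctx() no longer calls chdir() on this path, so a caller that forgets to restore would leave the process in whatever directory it moved to; whether any other code corrects that is not visible in this hunk. I would make the consequence explicit in the comment, e.g. `* NOTE: a caller that leaves $cwd changed is NOT corrected here; later path operations run relative to that directory.`, and repeat the rule above smbd_become_root(), where callers will look for it. The claim that pop_conn_ctx() overwrites done_chdir from the previous stack entry depends on code outside this hunk and should be confirmed, since a stale `false` would otherwise persist in current_user. Minor: "uglyness" should be "ugliness", and the empty line inside the first block comment lacks the leading ` *`.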